Linux is the fast-growing, state-of-the-art OS. This blog will focus on new kernel features, reviews of the best open-source software, and news. HOWTOs will also be added from time to time based on interest.

Tuesday, February 3, 2009

The post Hiding Zipped File Under Jpg Image showed the steps to hide data in a jpg. Since Ego was questioning the theory behind this, I decided to get my hands dirty and find the answer. To understand this, we need to understand the data structures of jpg images and zip files. Let's dissect the jpg image first.

Jpg Header Format:

Start of Image (SOI) marker -- two bytes (FFD8)

JFIF marker (FFE0)

* length -- two bytes
* identifier -- five bytes: 4A, 46, 49, 46, 00 (the ASCII code equivalent of a zero terminated "JFIF" string)
* version -- two bytes: often 01, 02
  o the most significant byte is used for major revisions
  o the least significant byte for minor revisions

The bold words in the above header are the ones of importance to us: the 4-byte value consisting of the SOI and JFIF markers. This signifies the start of the jpg image. Any standard image viewer searches the file for the "d8ff e0ff" (little endian mode) pattern. Once this is found, it marks the start of the jpg image. The end of the jpg image is marked with "0xd9ff" (little endian mode). A cat on the image makes sure that the extra data is written after 0xd9ff, so an image viewer has no need to bother about the data after 0xd9ff.

The bold letters show the signature of the start of the zip file. So the unzip program tries to find the above pattern in the file and treats the rest of the file as zip data until the "end of central dir record" is reached. This explains why tar.gz or tar.bz2 files don't work while zip does. In other words, the gz/bz2 formats look for the starting 4 bytes as identifiers and, if these are not found, quit immediately.

The following example illustrates the file layout of the various file formats.

Example: Generated using hexdump

Image file (jpg):

This little example should clear up any doubts about how this works. The next step would be to manipulate the hex file to make the zip program believe that the jpg data is the zipped data. Stay tuned for more on this.
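The layout described above can also be checked from the defender's side. The following Python sketch is an added example, not code from the original post: it walks the JPEG markers to the end-of-image marker (FF D9) and reports whether a readable zip archive follows it. It goes slightly beyond the post by skipping byte stuffing and restart markers inside the compressed data; the function names and sample bytes are constructed for illustration, and the zip signatures `PK\x03\x04` and `PK\x05\x06` come from the zip format itself.

```python
import io
import zipfile

ZIP_LOCAL = b"PK\x03\x04"             # zip local file header signature
ZIP_EOCD = b"PK\x05\x06"              # zip "end of central dir record" signature
SKIP = {0x00, *range(0xD0, 0xD8)}     # after FF: byte stuffing or RSTn, not a real marker

def jpeg_end(data: bytes) -> int:
    """Offset just past the EOI marker (FF D9), or -1 if the markers don't parse."""
    if data[:2] != b"\xff\xd8":                        # SOI must open the file
        return -1
    i = 2
    while i + 2 <= len(data) and data[i] == 0xFF:
        marker = data[i + 1]
        if marker == 0xD9:                             # EOI: the image ends here
            return i + 2
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")  # skip marker + segment
        if marker == 0xDA:                             # SOS: compressed data follows
            while i + 1 < len(data) and (data[i] != 0xFF or data[i + 1] in SKIP):
                i += 1
    return -1                                          # truncated or not marker-aligned

def inspect_jpeg(data: bytes):
    """Report what follows the JPEG image; None if data is not a JPEG."""
    end = jpeg_end(data)
    if end < 0:
        return None
    tail = data[end:]
    report = {"eoi_offset": end, "trailing_bytes": len(tail), "zip_members": []}
    if ZIP_LOCAL in tail and ZIP_EOCD in tail:
        try:
            with zipfile.ZipFile(io.BytesIO(tail)) as archive:
                report["zip_members"] = archive.namelist()
        except zipfile.BadZipFile:
            pass                                       # signatures present, archive unreadable
    return report

def sample_jpeg() -> bytes:
    """Constructed marker skeleton (SOI, JFIF APP0, SOS, EOI); not a viewable image."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app0 + sos + b"\xff\xd9"

def sample_polyglot() -> bytes:
    """What `cat image.jpg archive.zip` yields, built in memory from constructed data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("note.txt", "constructed payload")
    return sample_jpeg() + buf.getvalue()
```

A non-zero `trailing_bytes` on an image file is worth a second look on its own; a populated `zip_members` list confirms the jpg-plus-zip layout this post describes.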

1 comment:

My friend told me about an interesting occurrence. Some days ago he downloaded some zip files from the Internet with a movie inside and they were damaged. But he went to Google and found there what to do with broken zip files. He was marveled, because it solved his problem in seconds and free of cost as far as he remembers. Besides, I tried it too and it helped me quite easily and fast in a similar situation.